Software - COSAIN (Capita)
COSAIN is a secure cloud based (Software as a Service) open source law enforcement data platform.
Features
- AI Driven social media listening, OSINT, and data mining platform
- Suite of tools for research, visualisation, consented data, breached data
- Premium social media, open-source, and publicly available data sources
- Library of industry specific search terms to aid efficiency
- OCR of images and translation of social media posts
- Real-time reporting and alerting, plus sentiment analysis
- Data exports integrate with multiple industry standard third-party tools
- De-duplication of volume data, intelligent geo-filtering for location data
- 2FA, secure hosting, SC/DV/NPPV3 vetted OSINT SME staff
- Full audit function for organisational risk mitigation
Benefits
- Designed for law enforcement and first responders
- Automates identification and reduction of online threat risk and harm
- Supports situational awareness and decision making during critical incident response
- Share and collaborate within the COSAIN community, user groups, webinars
- Strategic roadmap with continual innovative software development designed with users
- Dedicated account management with relevant experience and sector knowledge
- 24/7 Support Desk for operational and technical guidance
- ITIL Service Management, GDPR / ISO27001 compliant, and two-factor authentication
- Dashboarding capability to review results as analytics
Pricing
£1,300 a licence a month
- Free trial available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at engagewithus@capita.co.uk.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 13
Service ID
314105486610165
Contact
Capita Business Services Limited
Capita Business Services Ltd
Telephone: 08702407341
Email: engagewithus@capita.co.uk
Service scope
- Software add-on or extension
- No
- Cloud deployment model
- Private cloud
- Service constraints
- See full terms and conditions for any platform restraints.
- System requirements
- Access to internet via web browser
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
During standard operating hours, response time is within 30 minutes. Outside standard operating hours and at weekends, response is within 1 hour. If the incident is urgent, users can call a dedicated support number for immediate response.
Our online support-desk system supports logging/tracking of service requests through web-based customer interface. Customers can create service requests based on priority, product/solution type, status, and customer contact.
The process of capturing important details relating to the service request is done via web form interface and gives the customer the ability to add and update the request.
Customers can raise urgent issues via email/by calling our dedicated support number.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 AAA
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- WCAG 2.1 AAA
- Web chat accessibility testing
- Refer to service description.
- Onsite support
- Yes, at extra cost
- Support levels
- We provide support levels based on four severity levels: 1-4. A critical call would attract a 30-minute response with a non-critical call attracting a four hour response. We provide our support plan for this service as standard with no additional costs within standard operating hours. We provide a client engagement manager to all clients who subscribe to the platform to ensure we provide a consistent service throughout the term of the contract.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
New COSAIN users are offered onsite or remote training sessions at the start of their contract. In addition, all users have access to the following:
1) A dedicated account manager who will help them to implement the training into real world scenarios.
2) Online manual.
3) COSAIN Resources website.
4) How-to-videos.
5) Regular webinars and webinar recordings.
- Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
- The service has built in functions to meet this requirement.
- End-of-contract process
- User access is terminated at contract end unless the service is renewed for an additional period.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- Yes
- Differences between the mobile and desktop service
- Mobile and tablets can be used.
- Service interface
- Yes
- User support accessibility
- WCAG 2.1 AAA
- Description of service interface
- Refer to service description.
- Accessibility standards
- WCAG 2.1 AAA
- Accessibility testing
- Refer to service description.
- API
- No
- Customisation available
- No
Scaling
- Independence of resources
- Underlying cloud infrastructure is designed to meet scalability and resilience requirements to ensure no impact as above.
Analytics
- Service usage metrics
- Yes
- Metrics types
- To be agreed during negotiation.
- Reporting types
-
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- In-house
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Built in functions allow this requirement to be met.
- Data export formats
-
- CSV
- Other
- Other data export formats
-
- Excel
- HTML
- Data import formats
- Other
- Other data import formats
- Text
Data-in-transit protection
- Data protection between buyer and supplier networks
- TLS (version 1.2 or above)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- Standard availability of the service runs at 99.5%. No service credits are available if this is not met. Further details available on request if necessary.
- Approach to resilience
- Our Data Centre provider is certified to ISO22301 (Business Continuity Management and Resiliency). All aspects of the Data Centre Facilities are provided N+1 with no single points of failure.
- Outage reporting
- Users are contacted via email regarding any outages.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- All support and management access is subject to the same access controls detailed previously.
- Access restriction testing frequency
- At least once a year
- Management access authentication
- 2-factor authentication
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- British Assessment Bureau
- ISO/IEC 27001 accreditation date
- 18/03/2021
- What the ISO/IEC 27001 doesn’t cover
- Further information is available on request regarding ISO27001 certification.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- All policies are available on request. As a minimum we meet ISO27001-2017.
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
-
Our data centre provider uses an ITIL (Information Technology Infrastructure Library) based Change Management process to manage any proposed changes to the infrastructure.
Change request forms ensure that changes are clearly detailed and that all of the relevant personnel have signed these off before any changes are made. Particular attention is given to any potential impacts on security and performance.
We maintain a Configuration Management Database which is kept up to date with all information necessary to manage each environment, configuration and dependent service.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
Our Data Centre provider undertakes monthly security scans of our external IP addresses which highlight both application and infrastructure security risks, for example older versions of web facing software in use. We are notified within 24 hours of any security issues being identified along with a description of the remedial action required and whether this needs to be undertaken by us or the customer and can be carried out immediately.
Systems are monitored 24 hours a day for any potential security incident utilising technology which correlates logs from various sources.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
- There is a suite of monitoring tools that maintain a continuous watch on all systems within the datacentres. Any potential compromises are dealt with by an Incident Management Process.
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Our Data Centre's Service Monitoring System alerts based on pre-specified criteria. This can be tailored based on pre-defined processes to ensure that common events are dealt with swiftly or sent on for automated action.
The Service Desk is accessed either by phone or email to report incidents.
Further to an incident a detailed service report is provided to the client outlining the incident, any action and future mitigation. This is provided within 24 hours.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Public sector networks
- Connection to public sector networks
- No
Social Value
- Equal opportunity
-
We are committed to promoting diversity/ensuring nobody discriminates against individuals/groups under the Equality Act 2010. Promoting equality/inclusion is essential to being a responsible business/creating better outcomes for all.
We have demonstrated our commitment to disability inclusion by signing up to the Disability Confident Scheme. Our personal independence business, which supports with disability through our work for DWP, has implemented measures across recruitment, working arrangements and employee training, to become a disability confident leader.
We have sustainable representation of ethnic diversity reflecting the communities we operate in and commit to a 15% Black/Asian and ethnic minority representation across all levels, reflected by the makeup of our executive team. To identify/tackle inequality, we implemented mandatory learning on unconscious bias, to ensure we continue to break down stereotypes/unconscious thoughts when recruiting, promoting, and upskilling staff.
We promote diversity via employee networks, learning, engagement, people, and leadership. Our employment procedures (recruitment-development) focus on maximising the potential of everyone, developing talent, and recognising their differences. We have established internal network groups (gender, ethnicity, faith, LGBTQ+ and disability) to ensure we continually educate and develop our people.
In relation to Modern Slavery, our suppliers comply with all local laws/regulations providing safe working conditions, treating workers with dignity/respect, acting fairly/ethically and being environmentally responsible. The following policies help us ensure modern slavery is not taking place in our business/supply chains:
- Human Rights Policy: procedures to prevent breaches to human rights standards.
- Diversity/Inclusion Policy: to foster a fair/inclusive workplace, ensuring discrimination is eliminated.
- Procurement Policy: what to expect from CBSL when purchasing goods/services and requirements to be met by Suppliers.
- Code of Conduct: Behaviour standards to create better outcomes.
- Supplier Charter: How we/suppliers conduct business openly, honestly, and transparently.
- Speak Up Policy: Commitments to speaking up about serious concerns in CBSL/Supply Chain.
Pricing
- Price
- £1,300 a licence a month
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- To be discussed.